| blob | acc595a745e9800128d877f824afd5a5eacec634 |
2 /*--------------------------------------------------------------------*/
3 /*--- A header file for all parts of the MemCheck tool. ---*/
4 /*--- mc_include.h ---*/
5 /*--------------------------------------------------------------------*/
7 /*
8 This file is part of MemCheck, a heavyweight Valgrind tool for
9 detecting memory errors.
11 Copyright (C) 2000-2017 Julian Seward
12 jseward@acm.org
14 This program is free software; you can redistribute it and/or
15 modify it under the terms of the GNU General Public License as
16 published by the Free Software Foundation; either version 2 of the
17 License, or (at your option) any later version.
19 This program is distributed in the hope that it will be useful, but
20 WITHOUT ANY WARRANTY; without even the implied warranty of
21 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
22 General Public License for more details.
24 You should have received a copy of the GNU General Public License
25 along with this program; if not, see <http://www.gnu.org/licenses/>.
27 The GNU General Public License is contained in the file COPYING.
28 */
30 #ifndef __MC_INCLUDE_H
31 #define __MC_INCLUDE_H
33 #define MC_(str) VGAPPEND(vgMemCheck_,str)
36 /* This is a private header file for use only within the
37 memcheck/ directory. */
39 /*------------------------------------------------------------*/
40 /*--- Tracking the heap ---*/
41 /*------------------------------------------------------------*/
43 /* By default, we want at least a 16B redzone on client heap blocks
44 for Memcheck.
45 The default can be modified by --redzone-size. */
46 #define MC_MALLOC_DEFAULT_REDZONE_SZB 16
47 // effective redzone, as (possibly) modified by --redzone-size:
50 /* For malloc()/new/new[] vs. free()/delete/delete[] mismatch checking. */
51 typedef
57 }
58 MC_AllocKind;
60 /* This describes a heap block. Nb: first two fields must match core's
61 * VgHashNode. */
62 typedef
70 /* Variable-length array. The size depends on MC_(clo_keep_stacktraces).
71 This array optionally stores the alloc and/or free stack trace. */
72 }
73 MC_Chunk;
75 /* Returns the execontext where the MC_Chunk was allocated/freed.
76 Returns VG_(null_ExeContext)() if the execontext has not been recorded (due
77 to MC_(clo_keep_stacktraces) and/or because block not yet freed). */
81 /* Records and sets execontext according to MC_(clo_keep_stacktraces) */
85 /* number of pointers needed according to MC_(clo_keep_stacktraces). */
88 /* Memory pool. Nb: first two fields must match core's VgHashNode. */
89 typedef
97 // memory, and used as pool.
99 }
100 MC_Mempool;
105 SizeT orig_align,
123 /* Searches for a recently freed block which might bracket Addr a.
124 Return the MC_Chunk* for this block or NULL if no bracketting block
125 is found. */
128 /* For efficient pooled alloc/free of the MC_Chunk. */
131 /* For tracking malloc'd blocks. Nb: it's quite important that it's a
132 VgHashTable, because VgHashTable allows duplicate keys without complaint.
133 This can occur if a user marks a malloc() block as also a custom block with
134 MALLOCLIKE_BLOCK. */
137 /* For tracking memory pools. */
140 /* Shadow memory functions */
150 /* nr of free operations done */
157 void* MC_(__builtin_vec_new_aligned) ( ThreadId tid, SizeT n, SizeT alignB, SizeT orig_alignB );
172 /*------------------------------------------------------------*/
173 /*--- Origin tracking translate-time support ---*/
174 /*------------------------------------------------------------*/
176 /* See detailed comments in mc_machine.c. */
180 /* Constants which are used as the lowest 2 bits in origin tags.
182 An origin tag comprises an upper 30-bit ECU field and a lower 2-bit
183 'kind' field. The ECU field is a number given out by m_execontext
184 and has a 1-1 mapping with ExeContext*s. An ECU can be used
185 directly as an origin tag (otag), but in fact we want to put
186 additional information 'kind' field to indicate roughly where the
187 tag came from. This helps print more understandable error messages
188 for the user -- it has no other purpose.
190 Hence the following 2-bit constants are needed for 'kind' field.
192 To summarise:
194 * Both ECUs and origin tags are represented as 32-bit words
196 * m_execontext and the core-tool interface deal purely in ECUs.
197 They have no knowledge of origin tags - that is a purely
198 Memcheck-internal matter.
200 * all valid ECUs have the lowest 2 bits zero and at least
201 one of the upper 30 bits nonzero (see VG_(is_plausible_ECU))
203 * to convert from an ECU to an otag, OR in one of the MC_OKIND_
204 constants below
206 * to convert an otag back to an ECU, AND it with ~3
207 */
215 /*------------------------------------------------------------*/
216 /*--- Profiling of memory events ---*/
217 /*------------------------------------------------------------*/
219 /* Define to collect detailed performance info. */
220 /* #define MC_PROFILE_MEMORY */
221 #ifdef MC_PROFILE_MEMORY
223 /* Order of enumerators does not matter. But MCPE_LAST has to be the
224 last entry in the list as it is used as an array bound. */
226 MCPE_LOADV8,
227 MCPE_LOADV8_SLOW1,
228 MCPE_LOADV8_SLOW2,
229 MCPE_LOADV16,
230 MCPE_LOADV16_SLOW1,
231 MCPE_LOADV16_SLOW2,
232 MCPE_LOADV32,
233 MCPE_LOADV32_SLOW1,
234 MCPE_LOADV32_SLOW2,
235 MCPE_LOADV64,
236 MCPE_LOADV64_SLOW1,
237 MCPE_LOADV64_SLOW2,
238 MCPE_LOADV_128_OR_256,
239 MCPE_LOADV_128_OR_256_SLOW_LOOP,
240 MCPE_LOADV_128_OR_256_SLOW1,
241 MCPE_LOADV_128_OR_256_SLOW2,
242 MCPE_LOADVN_SLOW,
243 MCPE_LOADVN_SLOW_LOOP,
244 MCPE_STOREV8,
245 MCPE_STOREV8_SLOW1,
246 MCPE_STOREV8_SLOW2,
247 MCPE_STOREV8_SLOW3,
248 MCPE_STOREV8_SLOW4,
249 MCPE_STOREV16,
250 MCPE_STOREV16_SLOW1,
251 MCPE_STOREV16_SLOW2,
252 MCPE_STOREV16_SLOW3,
253 MCPE_STOREV16_SLOW4,
254 MCPE_STOREV32,
255 MCPE_STOREV32_SLOW1,
256 MCPE_STOREV32_SLOW2,
257 MCPE_STOREV32_SLOW3,
258 MCPE_STOREV32_SLOW4,
259 MCPE_STOREV64,
260 MCPE_STOREV64_SLOW1,
261 MCPE_STOREV64_SLOW2,
262 MCPE_STOREV64_SLOW3,
263 MCPE_STOREV64_SLOW4,
264 MCPE_STOREVN_SLOW,
265 MCPE_STOREVN_SLOW_LOOP,
266 MCPE_MAKE_ALIGNED_WORD32_UNDEFINED,
267 MCPE_MAKE_ALIGNED_WORD32_UNDEFINED_SLOW,
268 MCPE_MAKE_ALIGNED_WORD64_UNDEFINED,
269 MCPE_MAKE_ALIGNED_WORD64_UNDEFINED_SLOW,
270 MCPE_MAKE_ALIGNED_WORD32_NOACCESS,
271 MCPE_MAKE_ALIGNED_WORD32_NOACCESS_SLOW,
272 MCPE_MAKE_ALIGNED_WORD64_NOACCESS,
273 MCPE_MAKE_ALIGNED_WORD64_NOACCESS_SLOW,
274 MCPE_MAKE_MEM_NOACCESS,
275 MCPE_MAKE_MEM_UNDEFINED,
276 MCPE_MAKE_MEM_UNDEFINED_W_OTAG,
277 MCPE_MAKE_MEM_DEFINED,
278 MCPE_CHEAP_SANITY_CHECK,
279 MCPE_EXPENSIVE_SANITY_CHECK,
280 MCPE_COPY_ADDRESS_RANGE_STATE,
281 MCPE_COPY_ADDRESS_RANGE_STATE_LOOP1,
282 MCPE_COPY_ADDRESS_RANGE_STATE_LOOP2,
283 MCPE_CHECK_MEM_IS_NOACCESS,
284 MCPE_CHECK_MEM_IS_NOACCESS_LOOP,
285 MCPE_IS_MEM_ADDRESSABLE,
286 MCPE_IS_MEM_ADDRESSABLE_LOOP,
287 MCPE_IS_MEM_DEFINED,
288 MCPE_IS_MEM_DEFINED_LOOP,
289 MCPE_IS_MEM_DEFINED_COMPREHENSIVE,
290 MCPE_IS_MEM_DEFINED_COMPREHENSIVE_LOOP,
291 MCPE_IS_DEFINED_ASCIIZ,
292 MCPE_IS_DEFINED_ASCIIZ_LOOP,
293 MCPE_FIND_CHUNK_FOR_OLD,
294 MCPE_FIND_CHUNK_FOR_OLD_LOOP,
295 MCPE_SET_ADDRESS_RANGE_PERMS,
296 MCPE_SET_ADDRESS_RANGE_PERMS_SINGLE_SECMAP,
297 MCPE_SET_ADDRESS_RANGE_PERMS_STARTOF_SECMAP,
298 MCPE_SET_ADDRESS_RANGE_PERMS_MULTIPLE_SECMAPS,
299 MCPE_SET_ADDRESS_RANGE_PERMS_DIST_SM1,
300 MCPE_SET_ADDRESS_RANGE_PERMS_DIST_SM2,
301 MCPE_SET_ADDRESS_RANGE_PERMS_DIST_SM1_QUICK,
302 MCPE_SET_ADDRESS_RANGE_PERMS_DIST_SM2_QUICK,
303 MCPE_SET_ADDRESS_RANGE_PERMS_LOOP1A,
304 MCPE_SET_ADDRESS_RANGE_PERMS_LOOP1B,
305 MCPE_SET_ADDRESS_RANGE_PERMS_LOOP1C,
306 MCPE_SET_ADDRESS_RANGE_PERMS_LOOP8A,
307 MCPE_SET_ADDRESS_RANGE_PERMS_LOOP8B,
308 MCPE_SET_ADDRESS_RANGE_PERMS_LOOP64K,
309 MCPE_SET_ADDRESS_RANGE_PERMS_LOOP64K_FREE_DIST_SM,
310 MCPE_NEW_MEM_STACK,
311 MCPE_NEW_MEM_STACK_4,
312 MCPE_NEW_MEM_STACK_8,
313 MCPE_NEW_MEM_STACK_12,
314 MCPE_NEW_MEM_STACK_16,
315 MCPE_NEW_MEM_STACK_32,
316 MCPE_NEW_MEM_STACK_112,
317 MCPE_NEW_MEM_STACK_128,
318 MCPE_NEW_MEM_STACK_144,
319 MCPE_NEW_MEM_STACK_160,
320 MCPE_DIE_MEM_STACK,
321 MCPE_DIE_MEM_STACK_4,
322 MCPE_DIE_MEM_STACK_8,
323 MCPE_DIE_MEM_STACK_12,
324 MCPE_DIE_MEM_STACK_16,
325 MCPE_DIE_MEM_STACK_32,
326 MCPE_DIE_MEM_STACK_112,
327 MCPE_DIE_MEM_STACK_128,
328 MCPE_DIE_MEM_STACK_144,
329 MCPE_DIE_MEM_STACK_160,
330 MCPE_MAKE_STACK_UNINIT_W_O,
331 MCPE_MAKE_STACK_UNINIT_NO_O,
332 MCPE_MAKE_STACK_UNINIT_128_NO_O,
333 MCPE_MAKE_STACK_UNINIT_128_NO_O_ALIGNED_16,
334 MCPE_MAKE_STACK_UNINIT_128_NO_O_ALIGNED_8,
335 MCPE_MAKE_STACK_UNINIT_128_NO_O_SLOWCASE,
336 /* Do not add enumerators past this line. */
337 MCPE_LAST
338 };
342 # define PROF_EVENT(ev) \
343 do { tl_assert((ev) >= 0 && (ev) < MCPE_LAST); \
344 MC_(event_ctr)[ev]++; \
345 } while (False);
347 #else
354 /*------------------------------------------------------------*/
355 /*--- V and A bits (Victoria & Albert ?) ---*/
356 /*------------------------------------------------------------*/
358 /* The number of entries in the primary map can be altered. However
359 we hardwire the assumption that each secondary map covers precisely
360 64k of address space. */
364 #define V_BIT_DEFINED 0
365 #define V_BIT_UNDEFINED 1
367 #define V_BITS8_DEFINED 0
368 #define V_BITS8_UNDEFINED 0xFF
370 #define V_BITS16_DEFINED 0
371 #define V_BITS16_UNDEFINED 0xFFFF
373 #define V_BITS32_DEFINED 0
374 #define V_BITS32_UNDEFINED 0xFFFFFFFF
376 #define V_BITS64_DEFINED 0ULL
377 #define V_BITS64_UNDEFINED 0xFFFFFFFFFFFFFFFFULL
379 /* Set to 1 to enable handwritten assembly helpers on targets for
380 which it is supported. */
381 #define ENABLE_ASSEMBLY_HELPERS 1
383 /* Comment the below to disable the fast case LOADV */
384 #define PERF_FAST_LOADV 1
386 /*------------------------------------------------------------*/
387 /*--- Leak checking ---*/
388 /*------------------------------------------------------------*/
390 typedef
392 // Nb: the order is important -- it dictates the order of loss records
393 // of equal sizes.
396 // least one interior-pointer along the way.
398 // (be it Unreached or IndirectLeak).
400 // (At best, only reachable from itself via a cycle.)
401 }
402 Reachedness;
404 // Build mask to check or set Reachedness r membership
405 #define R2S(r) (1 << (r))
406 // Reachedness r is member of the Set s ?
407 #define RiS(r,s) ((s) & R2S(r))
408 // Returns a set containing all Reachedness
411 /* For VALGRIND_COUNT_LEAKS client request */
418 /* For VALGRIND_COUNT_LEAK_BLOCKS client request */
425 typedef
427 LC_Off,
428 LC_Summary,
429 LC_Full,
430 }
431 LeakCheckMode;
433 typedef
438 // decrease in size or blocks.
439 LCD_New // Output new loss records.
440 }
441 LeakCheckDeltaMode;
443 /* When a LossRecord is put into an OSet, these elements represent the key. */
444 typedef
448 }
449 LossRecordKey;
451 /* A loss record, used for generating err msgs. Multiple leaked blocks can be
452 * merged into a single loss record if they have the same state and similar
453 * enough allocation points (controlled by --leak-resolution). */
454 typedef
463 }
464 LossRecord;
466 typedef
468 LeakCheckMode mode;
469 UInt show_leak_kinds;
470 UInt errors_for_leak_kinds;
471 UInt heuristics;
472 LeakCheckDeltaMode deltamode;
476 }
477 LeakCheckParams;
481 // Each time a leak search is done, the leak search generation
482 // MC_(leak_search_gen) is incremented.
485 // maintains the lcp.deltamode given in the last call to detect_memory_leaks
488 // prints the list of blocks corresponding to the given loss_record_nr slice
489 // (from/to) (up to maximum max_blocks)
490 // Returns True if loss_record_nr_from identifies a correct loss record
491 // from last leak search, returns False otherwise.
492 // Note that loss_record_nr_to can be bigger than the nr of loss records. All
493 // loss records after from will then be examined and maybe printed.
494 // If heuristics != 0, print only the loss records/blocks found via
495 // one of the heuristics in the set.
499 // Prints the addresses/registers/... at which a pointer to
500 // the given range [address, address+szB[ is found.
503 // if delta_mode == LCD_Any, prints in buf an empty string
504 // otherwise prints a delta in the layout " (+%'lu)" or " (-%'lu)"
507 LeakCheckDeltaMode delta_mode);
513 // Prints as user msg a description of the given loss record.
518 /*------------------------------------------------------------*/
519 /*--- Errors and suppressions ---*/
520 /*------------------------------------------------------------*/
522 /* Did we show to the user, any errors for which an uninitialised
523 value origin could have been collected (but wasn't) ? If yes,
524 then, at the end of the run, print a 1 line message advising that a
525 rerun with --track-origins=yes might help. */
528 /* Standard functions for error and suppressions as required by the
529 core/tool iface */
550 /* Recording of errors */
552 Bool isWrite );
574 UInt n_this_record,
575 UInt n_total_records,
577 Bool print_record,
578 Bool count_error );
582 void MC_(record_size_mismatch_error) ( ThreadId tid, MC_Chunk* mc, SizeT size, const HChar *function_names );
583 void MC_(record_align_mismatch_error) ( ThreadId tid, MC_Chunk* mc, SizeT align, Bool default_delete, const HChar *function_names );
586 /* Leak kinds tokens to call VG_(parse_enum_set). */
589 /* prints a description of address a in the specified debuginfo epoch */
592 /* Is this address in a user-specified "ignored range" ? */
595 /* Is this address in a user-specified "ignored range of offsets below
596 the current thread's stack pointer?" */
600 /*------------------------------------------------------------*/
601 /*--- Client blocks ---*/
602 /*------------------------------------------------------------*/
604 /* Describes a client block. See mc_main.c. An unused block has
605 start == size == 0. */
606 typedef
608 Addr start;
609 SizeT size;
612 }
613 CGenBlock;
615 /* Get access to the client block array. */
620 /*------------------------------------------------------------*/
621 /*--- Command line options + defaults ---*/
622 /*------------------------------------------------------------*/
624 /* Allow loads from partially-valid addresses? default: YES */
627 /* Max volume of the freed blocks queue. */
630 /* Blocks with a size >= MC_(clo_freelist_big_blocks) will be put
631 in the "big block" freed blocks queue. */
634 /* Do leak check at exit? default: NO */
637 /* How closely should we compare ExeContexts in leak records? default: 2 */
640 /* In leak check, show loss records if their R2S(reachedness) is set.
641 Default : R2S(Possible) | R2S(Unreached). */
644 /* In leak check, a loss record is an error if its R2S(reachedness) is set.
645 Default : R2S(Possible) | R2S(Unreached). */
648 /* Various leak check heuristics which can be activated/deactivated. */
649 typedef
652 // no heuristic.
654 // Consider interior pointer pointing at the array of char in a
655 // std::string as reachable.
657 // Consider interior pointer pointing at offset 64bit of a block as
658 // reachable, when the first 8 bytes contains the block size - 8.
659 // Such length+interior pointers are used by e.g. sqlite3MemMalloc.
660 // On 64bit platforms LchNewArray will also match these blocks.
662 // Consider interior pointer pointing at second word of a new[] array as
663 // reachable. Such interior pointers are used for arrays whose elements
664 // have a destructor.
666 // Conside interior pointer pointing just after what looks a vtable
667 // as reachable.
668 }
669 LeakCheckHeuristic;
671 // Nr of heuristics, including the LchNone heuristic.
672 #define N_LEAK_CHECK_HEURISTICS 5
674 // Build mask to check or set Heuristic h membership
675 #define H2S(h) (1 << (h))
676 // Heuristic h is member of the Set s ?
677 #define HiS(h,s) ((s) & H2S(h))
679 /* Heuristics set to use for the leak search.
680 Default : all heuristics. */
683 /* Assume accesses immediately below %esp are due to gcc-2.96 bugs.
684 * default: NO */
687 /* Fill malloc-d/free-d client blocks with a specific value? -1 if
688 not, else 0x00 .. 0xFF indicating the fill value to use. Can be
689 useful for causing programs with bad heap corruption to fail in
690 more repeatable ways. Note that malloc-filled and free-filled
691 areas are still undefined and noaccess respectively. This merely
692 causes them to contain the specified values. */
696 /* Which stack trace(s) to keep for malloc'd/free'd client blocks?
697 For each client block, the stack traces where it was allocated
698 and/or freed are optionally kept depending on MC_(clo_keep_stacktraces). */
699 typedef
706 }
707 KeepStacktraces;
710 /* Indicates the level of instrumentation/checking done by Memcheck.
712 1 = No undefined value checking, Addrcheck-style behaviour only:
713 only address checking is done. This is faster but finds fewer
714 errors. Note that although Addrcheck had 1 bit per byte
715 overhead vs the old Memcheck's 9 bits per byte, with this mode
716 and compressed V bits, no memory is saved with this mode --
717 it's still 2 bits per byte overhead. This is a little wasteful
718 -- it could be done with 1 bit per byte -- but lets us reuse
719 the many shadow memory access functions. Note that in this
720 mode neither the secondary V bit table nor the origin-tag cache
721 are used.
723 2 = Address checking and Undefined value checking are performed,
724 but origins are not tracked. So the origin-tag cache is not
725 used in this mode. This setting is the default and corresponds
726 to the "normal" Memcheck behaviour that has shipped for years.
728 3 = Address checking, undefined value checking, and origins for
729 undefined values are tracked.
731 The default is 2.
732 */
735 /* Should we show mismatched frees? Default: YES */
738 /* Should we warn about deprecated realloc() of size 0 ? Default : YES */
741 /* Indicates the level of detail for Vbit tracking through integer add,
742 subtract, and some integer comparison operations. */
743 typedef
747 EdcYES // All operations instrumented expensively
748 }
749 ExpensiveDefinednessChecks;
751 /* Level of expense in definedness checking for add/sub and compare
752 operations. Default: EdcAUTO */
755 /* Do we have a range of stack offsets to ignore? Default: NO */
761 /*------------------------------------------------------------*/
762 /*--- Instrumentation ---*/
763 /*------------------------------------------------------------*/
765 /* Functions defined in mc_main.c */
767 /* For the fail_w_o functions, the UWord arg is actually the 32-bit
768 origin tag and should really be UInt, but to be simple and safe
769 considering it's called from generated code, just claim it to be a
770 UWord. */
777 /* And call these ones instead to report an uninitialised value error
778 but with no origin available. */
785 /* V-bits load/store helpers */
815 /* Origin tag load/store helpers */
829 /* Functions defined in mc_translate.c */
839 /* Check some assertions to do with the instrumentation machinery. */
844 /*--------------------------------------------------------------------*/
845 /*--- end ---*/
846 /*--------------------------------------------------------------------*/